[Dovecot] GSSAPI and virtual Users?
Jelmer Vernooij
jelmer at samba.org
Sat Mar 25 15:40:06 EET 2006
On Sat, Mar 25, 2006 at 12:24:48PM +0200, Timo Sirainen wrote:
> On Wed, 2006-03-15 at 16:32 +0100, Jelmer Vernooij wrote:
> > On Wed, Mar 15, 2006 at 04:23:05PM +0100, S. Thias wrote:
> > > is there a possibility to map login-names to allowed
> > > Kerberos-Principals? At the moment GSSAPI-authentication seems to work
> > > only if loginname and kerberos-principal are the same, or am I missing
> > > something?
> > I'm afraid that at the moment, that's not (yet) possible.
> I added now a pass=yes option to passdbs. This allows doing the
> conversion using eg.:
> passdb passwd-file {
> args = /etc/imap.users
> pass = yes
> }
> Where the imap.users file would contain entries like:
> imapuser:::::::user=realuser
> Or it could be done with SQL, LDAP or whatever.
> Now if only the GSSAPI code could somehow be told to do these passdb
> lookups. :) Maybe it should do it always for pass=yes passdbs? I'm not
> really sure..
That shouldn't be too hard to implement I guess (at the moment
we simply require that the kerberos principal matches the username).
What functions do I need to call to look up the mapping?
Cheers,
Jelmer
--
Jelmer Vernooij <jelmer at samba.org> - http://jelmer.vernstok.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20060325/4710bcf2/attachment.pgp
More information about the dovecot
mailing list